ssh to IPv6 address on non default port

kernow

• February 25, 2017 13:59

Have this problem on several servers we run. I can ssh to a remote servers IPv4 address successfully on the default port 22 and any other port I change the remote servers ssh port to. I can successfully ssh to the remote servers IPv6 address but only if its on port 22, if I change the ssh port on the remote server to another port, restart sshd, then try to connect the connection hangs before timing out. No error messages. Disabling the firewall makes no difference. I am of course using the p switch eg: ssh -pxxx user@IPv6 address. Also tried with ssh -6 -pxxx user@IPv6 address. Any ideas what up?

• 

  NOC_Serverpoint

  • February 26, 2017 05:53

  Hi, The IPv6 Firewall script helps you manage your IPv6 firewall. Any user with root privileges can run the IPv6 Firewall script. Run this script if either of the following statements are true: You do not need to manage your IPv6 firewall rules with any other tools or utilities. You are unable to connect to your IPv6 addresses or IPv6 enabled websites on port 80. Run the /usr/local/cpanel/scripts/configure_rh_ipv6_firewall_for_cpanel script to perform the following actions: Open port 22 for SSH Open port 53 for DNS Open port 80 for HTTP Note: The rules that the IPv6 firewall script creates are persistent, and they remain active even if you reboot the server. So please open the port using the following script. Article: Enable IPv6 - 11.46 Documentation - cPanel Documentation Thanks,

  0
• 

  kernow

  • February 26, 2017 08:11

  Thanks, I have read that info already. But as I already said it works OK on port 22 . Everything else works including our IPv6 websites and IPv6 nameservers. We use use CSF so we shouldn't need to run the cpanel IPv6 script.

  0
• 

  cPanelMichael

  • February 27, 2017 18:14

  Hello, Does the issue persist if you remove this server's entry from your local known_hosts file? Thank you.

  0
• 

  kernow

  • February 27, 2017 21:05

  Yes, sadly it does.

  0
• 

  cPanelMichael

  • February 28, 2017 14:06

  Hello, Could you let us know what "ListenAddress" entries are added to the /etc/ssh/sshd_config file on this system? Thank you.

  0
• 

  kernow

  • February 28, 2017 15:18

  No specific addresses are assigned so its just the defaults:
  #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::
  

  0
• 

  cPanelMichael

  • February 28, 2017 18:39

  Hello, Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.

  0
• 

  kernow

  • March 03, 2017 14:57

  ticket # 8273427 Eventually fixed by: 1) add the remote ssh server port to connecting server CSF: Allow outgoing IPv6 TCP ports 2) Put the IPV6 addr enclosed in square brackets in the hosts.allow file. Example: sshd : [2801:db8:2:1::] : allow 3) Add full IPv6 range /64 to CSF allow. Note, none of the above needed when remote server uses default ssh port 22

  0
• 

  cPanelMichael

  • March 03, 2017 16:05

  Hello, I'm happy to see the issue was addressed. Thank you for updating us with the outcome.

  0

Please sign in to leave a comment.